We have two MWG's and we are dividing our users based on two AD groups which are 'MWG1 and MWG2', but I noticed if a user is not in MWG1 and MWG2, he is able to browse internet from any of the gateway. I want to have a rule which should check that if a user is not found in any of above AD group, should block him with a message meaningful, should not allow him to browse.
Please advice how we can do this. See attached screen shot how we are controlling two groups.
What is your network type, I mean, Are you using Proxy or Transparent Router?
In Both case you have to use Authentication server but it is a little different in each of them.
You can find your all answers by referring to below mentioned link:
are you using a HA-Cluster?? If yes, check how the proxy.ip settings property is filled.
Under Configuration -> proxies you can choose if the physical IP or the virtual IP is used.
Otherwise, try the rule tracing central to figure out how the properties are filled.